back caretBlog

Making the Case for Software Behavior Transparency

On May 12, 2021, the Biden Administration announced an executive order aimed at strengthening the cybersecurity of government and public sector programs. The executive order came in the wake of several major recent incidents, including the SolarWinds, Microsoft Exchange Server, and Pulse Secure CVEs, which impacted numerous federal agencies as well as private sector companies.

One primary focus of the cyber order is to improve the security of the software supply chain. Specifically, it will require vendors to provide a software bill of materials (SBOM)—a list of all third-party and open-source components used to build their software—in order to work with federal agencies.

While the SBOM would make it easier and faster for federal agencies to determine whether one of these dependent components subjects them to a vulnerability, it's not enough.

Faster incident response does not do much in the way of protection or prevention of compromise in the supply chain. We need to take it one step further to demonstrate when software within the supply chain is at risk of attack.

We believe that we also need software behavior transparency.

A behavior transparency framework allows companies within the supply chain to detail the expected actions that the software will take on a device or on the network. This will help security analysts to develop a baseline of expected behavior and distinguish between expected noise and indications of compromise. In turn, it will give security teams an advantage in identifying exploitation of unknown vulnerabilities in any proprietary or open-source software.

Interested in learning more? Read my TechCrunch Op-Ed.

To join us in building a more secure software supply chain, sign up below. We will follow up with more information and next steps.

By continuing you are agreeing to the ExtraHop Terms of Use and Privacy Policy

Thank you for expressing interest in behavior transparency. We will follow up with you shortly.

You will not receive any marketing materials from ExtraHop unless you opt-in at a future date.

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed